Over the last decade privacy has been recognised as being increasingly eroded, and many efforts have been made to protect it: New and better privacy laws and regulations have been made and are still being proposed, such as the European General Data Protection Regulation. Industry initiatives such as “Do Not Track” have been launched. The research community on privacy and data protection has grown in size and covers a wider range of disciplines (such as technical, legal, and social disciplines). An increasing number of privacy-enhancing technologies (PETs) – among others for user-controlled identity management and eIDs – are available and have gained in maturity, and the public at large is responding to privacy-related challenges.

Despite these positive developments, privacy is less protected than before: Rapid technology development and increasing interest in identities and other personal data from commercial or government beneficiaries provide strong incentives for increasing data collection to the detriment of data privacy. There seems to be no, or much less, financial advantage than previously in protecting privacy. At the same time, laws and regulation seem not to have the effect wanted for various reasons: They have not been implemented, take time to be made operational, are not protecting privacy effectively, or are simply circumvented. Many of them aim at checkbox compliance rather than promoting actual protection of human rights. Finally, the technology and processes behind the scene have become so complex that not even experts – let alone end-users – can tell whether or not privacy is being protected, and hence they have little or no basis on which to take protective measures. On this basis, user-controlled identity management that has been seen as a panacea for empowering users in their informational self- determination cannot really work.

The 2013 Snowden affair made it very clear that the current electronic infrastructures are very vulnerable, and known protection mechanisms such as encryption are rarely used. Identity information of all Internet or phone users is being collected and analysed by powerful intelligence services in the pursuit of national security. Clearly this lack of protection is problematic not only for maintaining privacy and managing one’s identities, but for the organisation and structure of societies and economies in general. One would hope that this message would be sufficiently clear so that actions are taken to secure infrastructures. Instead, the “crypto debate” is arising again, based on the issue of whether users should be allowed to use proper encryption or not.

This raises questions about what is needed to increase the protection of privacy. Do we need a technological, social, or political revolution? Or are we seeing a number of evolutionary advances of various sorts? Are the available legal, technical, organisational, economic, social, ethical, or psychological instruments for privacy and identity management suitable to improve the protection of privacy? Do we need a revolution in our thinking, a broad movement based on personal initiative – not only for citizens to voice their opinions, but also to implement and maintain solutions as alternatives to those technical infrastructures that have been compromised? How to emphasise the powerful role that technology offers to members of the public (in terms of awareness, citizen-interaction, community engagement)? What does this also mean in terms of technology development, social movements, and ethically informed design?There are many opportunities that may help to achieve better and safer infrastructures for people to communicate freely and without being observed either by commercial or by governmental bodies (user empowerment); to improve the balance between individuals and institutions (especially concerning the privacy protection goals transparency and participation); and to set up democratic processes in which effective oversight over the consequences of new technologies can be exercised.These questions, as well as current research on privacy and identity management in general, will be addressed by the 2015 IFIP Summer School on Privacy and Identity Management.

The Summer School organisation will be a joint effort among IFIP (International Federation for Information Processing, Working Groups 9.2, 9.5, 9.6/11.7, 11.4, 11.6, and Special Interest Group 9.2.2), CRISP (Centre for Research into Information, Surveillance and Privacy), the University of Edinburgh School of Informatics, and several European and national projects. The 2015 IFIP Summer School will bring together junior and senior researchers and practitioners from multiple disciplines to discuss important questions concerning privacy and identity management and related issues in a global environment subject to considerable change.We are especially inviting contributions from students who are at the stage of preparing either a master’s or a PhD thesis. The school is interactive in character, and is composed of plenary lectures and workshops with master/PhD student presentations. The principle is to encourage young academic and industry entrants to the privacy and identity management world to share their own ideas, build up a collegial relationship with others, gain experience in making presentations, and potentially publish a paper through the resulting book proceedings.

Students that actively participate, in particular those who present a paper, can receive a course certificate which awards 3 ECTS at the PhD level. Student attendees who do not present a paper will receive a course certificate which awards 1.5 ECTS at the PhD level. The certificate can certify the topic of the contributed paper so as to demonstrate its relation (or non-relation) to the student’s master’s or PhD thesis.

Basic elements of the Summer School

The Summer School takes a holistic approach to society and technology and supports interdisciplinary exchange through keynote and plenary lectures, tutorials, workshops, and research paper presentations. In particular, participants’ contributions that combine technical, legal, regulatory, socio-economic, social or societal, political, ethical, anthropological, philosophical, or psychological perspectives are welcome. The interdisciplinary character of the work is fundamental to the school. The research paper presentations and the workshops have a particular focus on involving students, and on encouraging the publication of high- quality, thorough research papers by students/young researchers. To this end, the school has a two-phase review process for submitted papers. In the first phase submitted papers (short versions) are reviewed and selected for presentation at the school. After the school, these papers can be revised (so that they can benefit from the discussion that occurred at the school) and are then reviewed again for inclusion in the school’s proceedings which will be published by Springer. Of course, submissions by senior researchers and European, national, or regional/community research projects are also very welcome.

Contributions

The school seeks contributions in the form of research papers, tutorials, and workshop proposals from all disciplines (e.g., computer science, informatics, economics, ethics, law, psychology, sociology, political and other social sciences, surveillance studies, business and public management).Topics of interest include, but are not limited to:

roadmap towards increased privacy protection, use of PETs and privacy by design as a standard procedure,

semantics, web security, and privacy,

social accountability, social, legal and ethical aspects of technology and the Internet specifically,

social care, community care, integrated care and opportunities for as well as threats to individual and community privacy,

social networks, social computing, crowdsourcing and social movements,

surveillance, video surveillance, sensor networks, and the Internet of Things,

transparency-enhancing technologies (TETs),

trust management and reputation systems,

ubiquitous and usable privacy and identity management.

Research papers are expected to contribute towards application scenarios, use cases, and good practices; research with an empirical focus; and interdisciplinary work. They will be selected by the Summer School Programme Committee based on the review of an extended abstract.

Submissions should contain a concise problem statement, an outline, and clear messages (they should not be about work “to be done”). Accepted short versions of papers will be made available to all participants in the Summer School Pre-Proceedings. After the Summer School, authors will have the opportunity to submit their final full papers (in Springer LNCS format) of 8-16 pages in length (which will address those questions and aspects raised during the Summer School) for publication in the Summer School Proceedings to be published by the official IFIP publisher (Springer). The papers to be included in the Final Proceedings will again be reviewed and selected by the Summer School Programme Committee. Students are expected to try to publish their work through this volume.Tutorials are expected to last one or two hours. Proposals should contain a short summary and state the level and background required for attendees to follow the tutorial.Workshops are expected to last one or two hours and must produce short papers recapitulating the outcome for inclusion in the proceedings. Proposals should contain a short statement summarising the topic(s) to be discussed and the expected contributions of the audience.

Best Student Paper Award

At the IFIP Summer School, a Best Paper Student Award will be awarded. Papers written solely or primarily by students and presented by a student at the Summer School are eligible for the award. If the paper is co-authored with senior researchers, the authors have to state that the main work and contributions can be clearly attributed to the student author(s). The award will be selected based on the quality of the paper and of the oral presentation.